• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
johnboy

new to all of this but i need help

14 posts in this topic

hi i m new to this so please forgive the silly questions but could someone help me icant keep my homepage it keeps going back to search index i have run ad-aware6.0 on it and i have run the highjackthis on it now i dont know what the heck to do someone help me please

Share this post


Link to post
Share on other sites

dont know if im suppose to do this but here i go ,www.search.com keeps taken over my homepage ,what am i suppose to delete from this from hijacker Logfile of HijackThis v1.98.0

Scan saved at 7:03:35 PM, on 7/11/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\cisvc.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ipko.exe

C:\WINDOWS\system32\fxssvc.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\WINDOWS\system32\appnz32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\timmy helm\My Documents\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ykduz.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ykduz.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ykduz.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ykduz.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ykduz.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ykduz.dll/index.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {1393F29F-3AD1-88F1-8182-7EBCC2149DC1} - C:\WINDOWS\msub.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll

O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [syscheck] C:\WINDOWS\Fonts\win.hta

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [appnz32.exe] C:\WINDOWS\system32\appnz32.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunOnce: [netwh.exe] C:\WINDOWS\netwh.exe

O4 - HKLM\..\RunOnce: [sysra.exe] C:\WINDOWS\sysra.exe

O4 - HKLM\..\RunOnce: [apixj32.exe] C:\WINDOWS\system32\apixj32.exe

O4 - HKLM\..\RunOnce: [winvb.exe] C:\WINDOWS\system32\winvb.exe

O4 - HKLM\..\RunOnce: [syssu.exe] C:\WINDOWS\system32\syssu.exe

O4 - HKLM\..\RunOnce: [javadc.exe] C:\WINDOWS\system32\javadc.exe

O4 - HKLM\..\RunOnce: [sdkua.exe] C:\WINDOWS\sdkua.exe

O4 - HKLM\..\RunOnce: [mfcvi32.exe] C:\WINDOWS\mfcvi32.exe

O4 - HKLM\..\RunOnce: [appfy32.exe] C:\WINDOWS\system32\appfy32.exe

O4 - HKLM\..\RunOnce: [sdkbp32.exe] C:\WINDOWS\system32\sdkbp32.exe

O4 - HKLM\..\RunOnce: [mfcop32.exe] C:\WINDOWS\system32\mfcop32.exe

O4 - HKLM\..\RunOnce: [crxs32.exe] C:\WINDOWS\system32\crxs32.exe

O4 - HKLM\..\RunOnce: [mfcvx32.exe] C:\WINDOWS\system32\mfcvx32.exe

O4 - HKLM\..\RunOnce: [javaob.exe] C:\WINDOWS\system32\javaob.exe

O4 - HKLM\..\RunOnce: [appyu32.exe] C:\WINDOWS\appyu32.exe

O4 - HKLM\..\RunOnce: [crih.exe] C:\WINDOWS\crih.exe

O4 - HKLM\..\RunOnce: [javahm.exe] C:\WINDOWS\javahm.exe

O4 - HKLM\..\RunOnce: [msfk32.exe] C:\WINDOWS\msfk32.exe

O4 - HKLM\..\RunOnce: [javahg.exe] C:\WINDOWS\system32\javahg.exe

O4 - HKLM\..\RunOnce: [atlbg32.exe] C:\WINDOWS\atlbg32.exe

O4 - HKLM\..\RunOnce: [msdp.exe] C:\WINDOWS\system32\msdp.exe

O4 - HKLM\..\RunOnce: [appkz.exe] C:\WINDOWS\system32\appkz.exe

O4 - HKLM\..\RunOnce: [addoe32.exe] C:\WINDOWS\system32\addoe32.exe

O4 - HKLM\..\RunOnce: [winlw.exe] C:\WINDOWS\system32\winlw.exe

O4 - HKLM\..\RunOnce: [mfcov32.exe] C:\WINDOWS\system32\mfcov32.exe

O4 - HKLM\..\RunOnce: [wintc.exe] C:\WINDOWS\system32\wintc.exe

O4 - HKLM\..\RunOnce: [atley.exe] C:\WINDOWS\system32\atley.exe

O4 - HKLM\..\RunOnce: [crde.exe] C:\WINDOWS\system32\crde.exe

O4 - HKLM\..\RunOnce: [atlvw32.exe] C:\WINDOWS\atlvw32.exe

O4 - HKLM\..\RunOnce: [addwt.exe] C:\WINDOWS\system32\addwt.exe

O4 - HKLM\..\RunOnce: [appdn.exe] C:\WINDOWS\appdn.exe

O4 - HKLM\..\RunOnce: [iekq32.exe] C:\WINDOWS\system32\iekq32.exe

O4 - HKLM\..\RunOnce: [apigj.exe] C:\WINDOWS\apigj.exe

O4 - HKLM\..\RunOnce: [crqp.exe] C:\WINDOWS\crqp.exe

O4 - HKLM\..\RunOnce: [d3hi32.exe] C:\WINDOWS\d3hi32.exe

O4 - HKLM\..\RunOnce: [sdkax32.exe] C:\WINDOWS\system32\sdkax32.exe

O4 - HKLM\..\RunOnce: [apisx.exe] C:\WINDOWS\apisx.exe

O4 - HKLM\..\RunOnce: [sysap32.exe] C:\WINDOWS\sysap32.exe

O4 - HKLM\..\RunOnce: [addar.exe] C:\WINDOWS\system32\addar.exe

O4 - HKLM\..\RunOnce: [mfczk.exe] C:\WINDOWS\mfczk.exe

O4 - HKLM\..\RunOnce: [ntjz32.exe] C:\WINDOWS\ntjz32.exe

O4 - HKLM\..\RunOnce: [appyp32.exe] C:\WINDOWS\system32\appyp32.exe

O4 - HKLM\..\RunOnce: [ietn.exe] C:\WINDOWS\system32\ietn.exe

O4 - HKLM\..\RunOnce: [msco.exe] C:\WINDOWS\msco.exe

O4 - HKLM\..\RunOnce: [iplt32.exe] C:\WINDOWS\iplt32.exe

O4 - HKLM\..\RunOnce: [sdkpo32.exe] C:\WINDOWS\system32\sdkpo32.exe

O4 - HKLM\..\RunOnce: [appmm32.exe] C:\WINDOWS\system32\appmm32.exe

O4 - HKLM\..\RunOnce: [winsb32.exe] C:\WINDOWS\winsb32.exe

O4 - HKLM\..\RunOnce: [ntlr.exe] C:\WINDOWS\system32\ntlr.exe

O4 - HKLM\..\RunOnce: [javalv32.exe] C:\WINDOWS\javalv32.exe

O4 - HKLM\..\RunOnce: [javasn.exe] C:\WINDOWS\system32\javasn.exe

O4 - HKLM\..\RunOnce: [sysuc32.exe] C:\WINDOWS\system32\sysuc32.exe

O4 - HKLM\..\RunOnce: [appjg.exe] C:\WINDOWS\system32\appjg.exe

O4 - HKLM\..\RunOnce: [apptj.exe] C:\WINDOWS\system32\apptj.exe

O4 - HKLM\..\RunOnce: [ntyo32.exe] C:\WINDOWS\system32\ntyo32.exe

O4 - HKLM\..\RunOnce: [d3ao32.exe] C:\WINDOWS\d3ao32.exe

O4 - HKLM\..\RunOnce: [winym32.exe] C:\WINDOWS\winym32.exe

O4 - HKLM\..\RunOnce: [ipko.exe] C:\WINDOWS\system32\ipko.exe

O4 - HKLM\..\RunOnce: [atldt.exe] C:\WINDOWS\system32\atldt.exe

O4 - HKLM\..\RunOnce: [atlcl.exe] C:\WINDOWS\system32\atlcl.exe

O4 - HKLM\..\RunOnce: [netuo32.exe] C:\WINDOWS\netuo32.exe

O4 - HKLM\..\RunOnce: [mfcqt32.exe] C:\WINDOWS\mfcqt32.exe

O4 - HKLM\..\RunOnce: [winwi.exe] C:\WINDOWS\system32\winwi.exe

O4 - HKLM\..\RunOnce: [javadn.exe] C:\WINDOWS\javadn.exe

O4 - HKLM\..\RunOnce: [ntdh.exe] C:\WINDOWS\ntdh.exe

O4 - HKLM\..\RunOnce: [addnh32.exe] C:\WINDOWS\system32\addnh32.exe

O4 - HKLM\..\RunOnce: [syske32.exe] C:\WINDOWS\system32\syske32.exe

O4 - HKLM\..\RunOnce: [netlh32.exe] C:\WINDOWS\netlh32.exe

O4 - HKLM\..\RunOnce: [sysfo32.exe] C:\WINDOWS\system32\sysfo32.exe

O4 - HKLM\..\RunOnce: [apipu32.exe] C:\WINDOWS\apipu32.exe

O4 - HKLM\..\RunOnce: [mfcpw32.exe] C:\WINDOWS\mfcpw32.exe

O4 - HKLM\..\RunOnce: [appcs.exe] C:\WINDOWS\appcs.exe

O4 - HKLM\..\RunOnce: [netro.exe] C:\WINDOWS\netro.exe

O4 - HKLM\..\RunOnce: [msyq.exe] C:\WINDOWS\msyq.exe

O4 - HKLM\..\RunOnce: [winix.exe] C:\WINDOWS\system32\winix.exe

O4 - HKLM\..\RunOnce: [javahx32.exe] C:\WINDOWS\system32\javahx32.exe

O4 - HKLM\..\RunOnce: [ntvn32.exe] C:\WINDOWS\ntvn32.exe

O4 - HKLM\..\RunOnce: [sdkie32.exe] C:\WINDOWS\system32\sdkie32.exe

O4 - HKLM\..\RunOnce: [apimu.exe] C:\WINDOWS\system32\apimu.exe

O4 - HKLM\..\RunOnce: [sysbs32.exe] C:\WINDOWS\sysbs32.exe

O4 - HKLM\..\RunOnce: [msjf.exe] C:\WINDOWS\msjf.exe

O4 - HKLM\..\RunOnce: [atlrx32.exe] C:\WINDOWS\system32\atlrx32.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00014\gd-dial.exe -remove

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)

O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)

O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) (HKCU)

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6C2FDAC1-48A7-4DCB-B716-6CC47AFEC434}: NameServer = 66.38.0.240 66.38.0.241

Share this post


Link to post
Share on other sites

here is the new logfiles from aboutbuster and hjt -- Scan 1 --------

About:Buster Version 1.27

Removed! : C:\WINDOWS\drayb.dat

Removed! : C:\WINDOWS\dzezib.dat

Removed! : C:\WINDOWS\dzfjn.dat

Removed! : C:\WINDOWS\eazmrv.dat

Removed! : C:\WINDOWS\ebympa.dat

Removed! : C:\WINDOWS\ecmmtr.dat

Removed! : C:\WINDOWS\edmpm.dat

Removed! : C:\WINDOWS\edqmxf.dat

Removed! : C:\WINDOWS\egqlh.dat

Removed! : C:\WINDOWS\ehdyd.dat

Removed! : C:\WINDOWS\ehsldf.dat

Removed! : C:\WINDOWS\eikhl.dat

Removed! : C:\WINDOWS\ejawyq.dat

Removed! : C:\WINDOWS\ejnxs.dll

Removed! : C:\WINDOWS\ejqsj.dll

Removed! : C:\WINDOWS\enktj.dat

Removed! : C:\WINDOWS\eorpsw.dat

Removed! : C:\WINDOWS\eovdac.dat

Removed! : C:\WINDOWS\erlrs.dat

Removed! : C:\WINDOWS\erohmr.dat

Removed! : C:\WINDOWS\ewsgly.dat

Removed! : C:\WINDOWS\exfnfu.dat

Removed! : C:\WINDOWS\exyfev.dat

Removed! : C:\WINDOWS\faeuzv.dat

Removed! : C:\WINDOWS\faklhi.dat

Removed! : C:\WINDOWS\fbggi.dat

Removed! : C:\WINDOWS\fetny.dat

Removed! : C:\WINDOWS\fkpkn.dat

Removed! : C:\WINDOWS\fqzikf.dat

Removed! : C:\WINDOWS\frjet.dat

Removed! : C:\WINDOWS\frjet.dll

Removed! : C:\WINDOWS\futvo.dll

Removed! : C:\WINDOWS\fvzps.dll

Removed! : C:\WINDOWS\fwkspl.dat

Removed! : C:\WINDOWS\fxpfko.dat

Removed! : C:\WINDOWS\ginhv.dat

Removed! : C:\WINDOWS\glwwi.dat

Removed! : C:\WINDOWS\gmijcg.dat

Removed! : C:\WINDOWS\gupylo.dat

Removed! : C:\WINDOWS\gvlrmm.dat

Removed! : C:\WINDOWS\hbabxv.dat

Removed! : C:\WINDOWS\hdbanw.dat

Removed! : C:\WINDOWS\hdpqlb.dat

Removed! : C:\WINDOWS\hnifkw.dat

Removed! : C:\WINDOWS\hohoq.dat

Removed! : C:\WINDOWS\hoosu.dll

Removed! : C:\WINDOWS\hpwmcl.dat

Removed! : C:\WINDOWS\hryyzf.dat

Removed! : C:\WINDOWS\hvggf.dat

Removed! : C:\WINDOWS\hvtza.dat

Removed! : C:\WINDOWS\hywngt.dat

Removed! : C:\WINDOWS\ieafo.dat

Removed! : C:\WINDOWS\iegy.dll

Removed! : C:\WINDOWS\ierl32.dll

Removed! : C:\WINDOWS\ietk.dll

Removed! : C:\WINDOWS\ieyr32.dll

Removed! : C:\WINDOWS\ihqfs.dat

Removed! : C:\WINDOWS\ihuafp.dat

Removed! : C:\WINDOWS\ihvxl.dat

Removed! : C:\WINDOWS\ihwjoz.dat

Removed! : C:\WINDOWS\ilmgn.dat

Removed! : C:\WINDOWS\imrysn.dat

Removed! : C:\WINDOWS\ipgg.exe

Removed! : C:\WINDOWS\iplf32.dll

Removed! : C:\WINDOWS\iplt32.exe

Removed! : C:\WINDOWS\ipot.dll

Removed! : C:\WINDOWS\iprf32.dll

Removed! : C:\WINDOWS\iprx32.dll

Removed! : C:\WINDOWS\iqizy.dat

Removed! : C:\WINDOWS\itake.dat

Removed! : C:\WINDOWS\iwfin.dat

Removed! : C:\WINDOWS\ixngw.dat

Removed! : C:\WINDOWS\izhye.dat

Removed! : C:\WINDOWS\izuec.dat

Removed! : C:\WINDOWS\javadn.exe

Removed! : C:\WINDOWS\javafn.exe

Removed! : C:\WINDOWS\javahm.exe

Removed! : C:\WINDOWS\javalv32.exe

Removed! : C:\WINDOWS\jcfbh.dat

Removed! : C:\WINDOWS\jdlsl.dat

Removed! : C:\WINDOWS\jdppa.dat

Removed! : C:\WINDOWS\jeday.dat

Removed! : C:\WINDOWS\jhoudd.dat

Removed! : C:\WINDOWS\jjkmzb.dat

Removed! : C:\WINDOWS\jkwki.dat

Removed! : C:\WINDOWS\jlsvhg.dat

Removed! : C:\WINDOWS\jmacb.dat

Removed! : C:\WINDOWS\jpiayi.dat

Removed! : C:\WINDOWS\jrfll.dat

Removed! : C:\WINDOWS\jrhkth.dat

Removed! : C:\WINDOWS\jrrqx.dat

Removed! : C:\WINDOWS\juqgfy.dat

Removed! : C:\WINDOWS\jvcie.dat

Removed! : C:\WINDOWS\kexve.dll

Removed! : C:\WINDOWS\khuqcq.dat

Removed! : C:\WINDOWS\khuym.dll

Removed! : C:\WINDOWS\klgpv.dat

Removed! : C:\WINDOWS\kmtmxu.dat

Removed! : C:\WINDOWS\kmulko.dat

Removed! : C:\WINDOWS\kohbfu.dat

Removed! : C:\WINDOWS\kxjww.dat

Removed! : C:\WINDOWS\kxypet.dat

Removed! : C:\WINDOWS\lfykm.dll

Removed! : C:\WINDOWS\lmudv.dat

Removed! : C:\WINDOWS\lmufv.dat

Removed! : C:\WINDOWS\logpj.dat

Removed! : C:\WINDOWS\loruq.dat

Removed! : C:\WINDOWS\lpaaa.dat

Removed! : C:\WINDOWS\lpkro.dll

Removed! : C:\WINDOWS\lrsvzv.dat

Removed! : C:\WINDOWS\lsioa.dat

Removed! : C:\WINDOWS\lsyjmw.dat

Removed! : C:\WINDOWS\mehmyy.dat

Removed! : C:\WINDOWS\mfcbz.dll

Removed! : C:\WINDOWS\mfcpw32.exe

Removed! : C:\WINDOWS\mfcqt32.exe

Removed! : C:\WINDOWS\mfcvi32.exe

Removed! : C:\WINDOWS\mfcwf32.dll

Removed! : C:\WINDOWS\mfczk.exe

Removed! : C:\WINDOWS\mjmay.dat

Removed! : C:\WINDOWS\mlsun.dat

Removed! : C:\WINDOWS\mqdpmo.dat

Removed! : C:\WINDOWS\mrqlw.dll

Removed! : C:\WINDOWS\msco.exe

Removed! : C:\WINDOWS\mscv.exe

Removed! : C:\WINDOWS\msfk32.exe

Removed! : C:\WINDOWS\msgn32.exe

Removed! : C:\WINDOWS\msjf.exe

Removed! : C:\WINDOWS\msqj32.dll

Removed! : C:\WINDOWS\msyd32.dll

Removed! : C:\WINDOWS\msyq.exe

Removed! : C:\WINDOWS\mvsln.dll

Removed! : C:\WINDOWS\ndrbz.dll

Removed! : C:\WINDOWS\netdm.dll

Removed! : C:\WINDOWS\netlh32.exe

Removed! : C:\WINDOWS\netow32.exe

Removed! : C:\WINDOWS\netro.exe

Removed! : C:\WINDOWS\netuo32.exe

Removed! : C:\WINDOWS\netwh.exe

Removed! : C:\WINDOWS\nmenh.dat

Removed! : C:\WINDOWS\nnnnna.dat

Removed! : C:\WINDOWS\noixiw.dat

Removed! : C:\WINDOWS\npjtbo.dat

Removed! : C:\WINDOWS\npkec.dll

Removed! : C:\WINDOWS\ntdh.exe

Removed! : C:\WINDOWS\ntjz32.exe

Removed! : C:\WINDOWS\ntrm32.dll

Removed! : C:\WINDOWS\ntvn32.exe

Removed! : C:\WINDOWS\nwjfzc.dat

Removed! : C:\WINDOWS\n_dlrgap.dat

Removed! : C:\WINDOWS\n_fcgxjj.dat

Removed! : C:\WINDOWS\n_gseecp.dat

Removed! : C:\WINDOWS\n_jcdndl.dat

Removed! : C:\WINDOWS\n_oidymm.dat

Removed! : C:\WINDOWS\n_pmefux.dat

Removed! : C:\WINDOWS\n_qykdxe.dat

Removed! : C:\WINDOWS\n_sutrjf.dat

Removed! : C:\WINDOWS\n_tulalc.dat

Removed! : C:\WINDOWS\n_ugrtxw.dat

Removed! : C:\WINDOWS\n_uzqhrv.dat

Removed! : C:\WINDOWS\n_wqestj.dat

Removed! : C:\WINDOWS\oaxex.dat

Removed! : C:\WINDOWS\obmmc.dat

Removed! : C:\WINDOWS\odubf.dll

Removed! : C:\WINDOWS\oehvll.dat

Removed! : C:\WINDOWS\oiylq.dll

Removed! : C:\WINDOWS\ojedz.dat

Removed! : C:\WINDOWS\ojkpkc.dat

Removed! : C:\WINDOWS\okqjxq.dat

Removed! : C:\WINDOWS\ombok.dat

Removed! : C:\WINDOWS\opnxto.dat

Removed! : C:\WINDOWS\otljoy.dat

Removed! : C:\WINDOWS\oumxqv.dat

Removed! : C:\WINDOWS\oyiqe.dll

Removed! : C:\WINDOWS\oyllg.dat

Removed! : C:\WINDOWS\ozznmc.dat

Removed! : C:\WINDOWS\pacoo.dat

Removed! : C:\WINDOWS\pbcts.dat

Removed! : C:\WINDOWS\pbiibs.dat

Removed! : C:\WINDOWS\pbjmdm.dat

Removed! : C:\WINDOWS\pewgu.dll

Removed! : C:\WINDOWS\pjtxz.dat

Removed! : C:\WINDOWS\pkyttr.dat

Removed! : C:\WINDOWS\plqup.dll

Removed! : C:\WINDOWS\plssqp.dat

Removed! : C:\WINDOWS\pmefux.dat

Removed! : C:\WINDOWS\pntyh.dat

Removed! : C:\WINDOWS\poivr.dat

Removed! : C:\WINDOWS\psbiov.dat

Removed! : C:\WINDOWS\pzrjlk.dat

Removed! : C:\WINDOWS\qastkk.dat

Removed! : C:\WINDOWS\qdydnc.dat

Removed! : C:\WINDOWS\qejcz.dat

Removed! : C:\WINDOWS\qfhhzh.dat

Removed! : C:\WINDOWS\qftsgw.dat

Removed! : C:\WINDOWS\qgeudb.dat

Removed! : C:\WINDOWS\qhsah.dat

Removed! : C:\WINDOWS\qicbc.dat

Removed! : C:\WINDOWS\qmuiqt.dat

Removed! : C:\WINDOWS\qrfkts.dat

Removed! : C:\WINDOWS\qsldd.dat

Removed! : C:\WINDOWS\quzdf.dll

Removed! : C:\WINDOWS\qxxbpd.dat

Removed! : C:\WINDOWS\qybat.dll

Removed! : C:\WINDOWS\rbyxnh.dat

Removed! : C:\WINDOWS\refgdx.dat

Removed! : C:\WINDOWS\rekkce.dat

Removed! : C:\WINDOWS\ridri.dll

Removed! : C:\WINDOWS\ripktx.dat

Removed! : C:\WINDOWS\rjvwpi.dat

Removed! : C:\WINDOWS\rklnq.dat

Removed! : C:\WINDOWS\rmfsjm.dat

Removed! : C:\WINDOWS\rorzai.dat

Removed! : C:\WINDOWS\rpsne.dat

Removed! : C:\WINDOWS\rrbdp.dat

Removed! : C:\WINDOWS\rrmot.dat

Removed! : C:\WINDOWS\rshkno.dat

Removed! : C:\WINDOWS\rsluw.dat

Removed! : C:\WINDOWS\rssaw.dat

Removed! : C:\WINDOWS\rtcbd.dat

Removed! : C:\WINDOWS\rtont.dll

Removed! : C:\WINDOWS\rvqyni.dat

Removed! : C:\WINDOWS\rwheco.dat

Removed! : C:\WINDOWS\rwyevj.dat

Removed! : C:\WINDOWS\rxyka.dat

Removed! : C:\WINDOWS\rytrx.dat

Removed! : C:\WINDOWS\saqsi.dll

Removed! : C:\WINDOWS\sbehma.dat

Removed! : C:\WINDOWS\scbnw.dat

Removed! : C:\WINDOWS\sdeaq.dll

Removed! : C:\WINDOWS\sdkcj32.exe

Removed! : C:\WINDOWS\sdkkc.dll

Removed! : C:\WINDOWS\sdkoq.exe

Removed! : C:\WINDOWS\sdkua.exe

Removed! : C:\WINDOWS\sdkut32.exe

Removed! : C:\WINDOWS\sdrgau.dat

Removed! : C:\WINDOWS\seitan.dat

Removed! : C:\WINDOWS\shuhpl.dat

Removed! : C:\WINDOWS\sijxoe.dat

Removed! : C:\WINDOWS\skdrbe.dat

Removed! : C:\WINDOWS\sldbe.dat

Removed! : C:\WINDOWS\smgec.dat

Removed! : C:\WINDOWS\snziz.dat

Removed! : C:\WINDOWS\sompyp.dat

Removed! : C:\WINDOWS\spdin.dll

Removed! : C:\WINDOWS\srlchm.dat

Removed! : C:\WINDOWS\syeide.dat

Removed! : C:\WINDOWS\sysap32.exe

Removed! : C:\WINDOWS\sysbs32.exe

Removed! : C:\WINDOWS\sysmz32.exe

Removed! : C:\WINDOWS\sysnj.exe

Removed! : C:\WINDOWS\sysra.exe

Removed! : C:\WINDOWS\tboyn.dat

Removed! : C:\WINDOWS\tbvlj.dat

Removed! : C:\WINDOWS\tceytt.dat

Removed! : C:\WINDOWS\tdgcnx.dat

Removed! : C:\WINDOWS\tdzwhj.dat

Removed! : C:\WINDOWS\temdo.dat

Removed! : C:\WINDOWS\tewxh.dat

Removed! : C:\WINDOWS\tfwqa.dat

Removed! : C:\WINDOWS\tigveb.dat

Removed! : C:\WINDOWS\tlzpgq.dat

Removed! : C:\WINDOWS\tmrhh.dat

Removed! : C:\WINDOWS\tmzcn.dat

Removed! : C:\WINDOWS\tnemq.dat

Removed! : C:\WINDOWS\tobku.dat

Removed! : C:\WINDOWS\tsrykg.dat

Removed! : C:\WINDOWS\tuhwhm.dat

Removed! : C:\WINDOWS\tvmsf.dat

Removed! : C:\WINDOWS\ubpeyk.dat

Removed! : C:\WINDOWS\uezvu.dat

Removed! : C:\WINDOWS\ugrtxw.dat

Removed! : C:\WINDOWS\ugzzie.dat

Removed! : C:\WINDOWS\ukzyp.dat

Removed! : C:\WINDOWS\ulkyty.dat

Removed! : C:\WINDOWS\uojvz.dat

Removed! : C:\WINDOWS\urhko.dat

Removed! : C:\WINDOWS\utbxnr.dat

Removed! : C:\WINDOWS\uusyy.dat

Removed! : C:\WINDOWS\uxfttf.dat

Removed! : C:\WINDOWS\vbmxu.dat

Removed! : C:\WINDOWS\vbxzqe.dat

Removed! : C:\WINDOWS\vdkuxn.dat

Removed! : C:\WINDOWS\veacs.dat

Removed! : C:\WINDOWS\vetcbq.dat

Removed! : C:\WINDOWS\vhclcp.dat

Removed! : C:\WINDOWS\vhwvz.dat

Removed! : C:\WINDOWS\vjzjr.dll

Removed! : C:\WINDOWS\vmyta.dat

Removed! : C:\WINDOWS\vojsmh.dat

Removed! : C:\WINDOWS\voowx.dat

Removed! : C:\WINDOWS\vqjjc.dat

Removed! : C:\WINDOWS\vqmusm.dat

Removed! : C:\WINDOWS\vsaogr.dat

Removed! : C:\WINDOWS\vxits.dat

Removed! : C:\WINDOWS\vyqgni.dat

Removed! : C:\WINDOWS\vzcel.dat

Removed! : C:\WINDOWS\waekes.dat

Removed! : C:\WINDOWS\wcbczp.dat

Removed! : C:\WINDOWS\wdddl.dat

Removed! : C:\WINDOWS\winlb.dll

Removed! : C:\WINDOWS\winsb32.exe

Removed! : C:\WINDOWS\wints32.dll

Removed! : C:\WINDOWS\winym32.exe

Removed! : C:\WINDOWS\wjoyn.dat

Removed! : C:\WINDOWS\wkvapv.dat

Removed! : C:\WINDOWS\wsxym.dat

Removed! : C:\WINDOWS\wuivlq.dat

Removed! : C:\WINDOWS\xaysp.dat

Removed! : C:\WINDOWS\xfhnb.dat

Removed! : C:\WINDOWS\xfxhmk.dat

Removed! : C:\WINDOWS\xgfdk.dat

Removed! : C:\WINDOWS\xlyqhz.dat

Removed! : C:\WINDOWS\xmgez.dat

Removed! : C:\WINDOWS\xmwlb.dat

Removed! : C:\WINDOWS\xuqfe.dat

Removed! : C:\WINDOWS\xuymp.dat

Removed! : C:\WINDOWS\xwfmzv.dat

Removed! : C:\WINDOWS\xxbyc.dat

Removed! : C:\WINDOWS\ycrlxa.dat

Removed! : C:\WINDOWS\yffwhq.dat

Removed! : C:\WINDOWS\ygiaxl.dat

Removed! : C:\WINDOWS\ymaodf.dat

Removed! : C:\WINDOWS\ynbhp.dat

Removed! : C:\WINDOWS\yoxgab.dat

Removed! : C:\WINDOWS\yoxxw.dll

Removed! : C:\WINDOWS\ypwdhw.dat

Removed! : C:\WINDOWS\yrkmfc.dat

Removed! : C:\WINDOWS\yruqi.dat

Removed! : C:\WINDOWS\ysicz.dat

Removed! : C:\WINDOWS\ywrmuf.dat

Removed! : C:\WINDOWS\yylzcc.dat

Removed! : C:\WINDOWS\zardw.dat

Removed! : C:\WINDOWS\zaurbs.dat

Removed! : C:\WINDOWS\zbese.dat

Removed! : C:\WINDOWS\zbfly.dll

Removed! : C:\WINDOWS\zcjqa.dat

Removed! : C:\WINDOWS\zfabye.dat

Removed! : C:\WINDOWS\zghdk.dat

Removed! : C:\WINDOWS\ziotlk.dat

Removed! : C:\WINDOWS\zitdil.dat

Removed! : C:\WINDOWS\ziygj.dat

Removed! : C:\WINDOWS\zjmaqb.dat

Removed! : C:\WINDOWS\zkmut.dat

Removed! : C:\WINDOWS\zkyzd.dat

Removed! : C:\WINDOWS\zrlipn.dat

Removed! : C:\WINDOWS\zrwfz.dat

Removed! : C:\WINDOWS\zvgjg.dat

Removed! : C:\WINDOWS\zxapc.dat

Removed! : C:\WINDOWS\zxrbbx.dat

Removed! : C:\WINDOWS\System32\addar.exe

Removed! : C:\WINDOWS\System32\addgi.exe

Removed! : C:\WINDOWS\System32\addmm32.dll

Removed! : C:\WINDOWS\System32\addnh32.exe

Removed! : C:\WINDOWS\System32\addoe32.exe

Removed! : C:\WINDOWS\System32\addwt.exe

Removed! : C:\WINDOWS\System32\aemiu.dll

Removed! : C:\WINDOWS\System32\ajbub.dat

Removed! : C:\WINDOWS\System32\akjdp.dat

Removed! : C:\WINDOWS\System32\aljaq.dll

Removed! : C:\WINDOWS\System32\anjeu.dat

Removed! : C:\WINDOWS\System32\apikz.exe

Removed! : C:\WINDOWS\System32\apimu.exe

Removed! : C:\WINDOWS\System32\apiud.dll

Removed! : C:\WINDOWS\System32\apiwa.dll

Removed! : C:\WINDOWS\System32\apixj32.exe

Removed! : C:\WINDOWS\System32\appba.dll

Removed! : C:\WINDOWS\System32\appef32.dll

Removed! : C:\WINDOWS\System32\appfy32.exe

Removed! : C:\WINDOWS\System32\appjg.exe

Removed! : C:\WINDOWS\System32\appkz.exe

Removed! : C:\WINDOWS\System32\appmm32.exe

Error Removing! : C:\WINDOWS\System32\appnz32.exe

Removed! : C:\WINDOWS\System32\apptj.exe

Removed! : C:\WINDOWS\System32\appyp32.exe

Removed! : C:\WINDOWS\System32\atlcl.exe

Removed! : C:\WINDOWS\System32\atldt.exe

Removed! : C:\WINDOWS\System32\atley.exe

Removed! : C:\WINDOWS\System32\atlfz.dll

Removed! : C:\WINDOWS\System32\atlgy32.dll

Removed! : C:\WINDOWS\System32\atlrx32.exe

Removed! : C:\WINDOWS\System32\atltv32.dll

Removed! : C:\WINDOWS\System32\avygu.dat

Removed! : C:\WINDOWS\System32\aymsb.dll

Removed! : C:\WINDOWS\System32\bdrav.dll

Removed! : C:\WINDOWS\System32\bimka.dat

Removed! : C:\WINDOWS\System32\bjqnt.dll

Removed! : C:\WINDOWS\System32\bkujn.dat

Removed! : C:\WINDOWS\System32\bnfpt.dat

Removed! : C:\WINDOWS\System32\botgg.dat

Removed! : C:\WINDOWS\System32\bqaue.dat

Removed! : C:\WINDOWS\System32\btphs.dat

Removed! : C:\WINDOWS\System32\bxaoc.dat

Removed! : C:\WINDOWS\System32\crde.exe

Removed! : C:\WINDOWS\System32\crgq.dll

Removed! : C:\WINDOWS\System32\crie32.dll

Removed! : C:\WINDOWS\System32\crxs32.exe

Removed! : C:\WINDOWS\System32\csmcm.dat

Removed! : C:\WINDOWS\System32\ctiwj.dat

Removed! : C:\WINDOWS\System32\cvezl.dat

Removed! : C:\WINDOWS\System32\d3zw.exe

Removed! : C:\WINDOWS\System32\dgkjm.dat

Removed! : C:\WINDOWS\System32\dhbbk.dat

Removed! : C:\WINDOWS\System32\dhdve.dat

Removed! : C:\WINDOWS\System32\doxyr.dll

Removed! : C:\WINDOWS\System32\dqlyg.dat

Removed! : C:\WINDOWS\System32\duykb.dat

Removed! : C:\WINDOWS\System32\ebxao.dat

Removed! : C:\WINDOWS\System32\edfbj.dat

Removed! : C:\WINDOWS\System32\edzso.dat

Removed! : C:\WINDOWS\System32\esgsg.dat

Removed! : C:\WINDOWS\System32\esoqa.dll

Removed! : C:\WINDOWS\System32\fhegt.dat

Removed! : C:\WINDOWS\System32\fjkvp.dat

Removed! : C:\WINDOWS\System32\flmpw.dat

Removed! : C:\WINDOWS\System32\flqnc.dat

Removed! : C:\WINDOWS\System32\fsjid.dll

Removed! : C:\WINDOWS\System32\fyekj.dat

Removed! : C:\WINDOWS\System32\gcgjt.dll

Removed! : C:\WINDOWS\System32\gdcsd.dat

Removed! : C:\WINDOWS\System32\guxve.dat

Removed! : C:\WINDOWS\System32\haxwd.dat

Removed! : C:\WINDOWS\System32\hbmzo.dat

Removed! : C:\WINDOWS\System32\hgqxu.dat

Removed! : C:\WINDOWS\System32\hjxlk.dat

Removed! : C:\WINDOWS\System32\hlcqf.dat

Removed! : C:\WINDOWS\System32\hlzml.dat

Removed! : C:\WINDOWS\System32\hniga.dll

Removed! : C:\WINDOWS\System32\hofmr.dll

Removed! : C:\WINDOWS\System32\hxqty.dat

Removed! : C:\WINDOWS\System32\iekq32.exe

Removed! : C:\WINDOWS\System32\ietn.dll

Removed! : C:\WINDOWS\System32\ietn.exe

Removed! : C:\WINDOWS\System32\ipko.exe

Removed! : C:\WINDOWS\System32\iwvms.dll

Removed! : C:\WINDOWS\System32\iyzcr.dll

Removed! : C:\WINDOWS\System32\jaegr.dat

Removed! : C:\WINDOWS\System32\jagcr.dll

Removed! : C:\WINDOWS\System32\javaan32.exe

Removed! : C:\WINDOWS\System32\javadc.exe

Removed! : C:\WINDOWS\System32\javahg.exe

Removed! : C:\WINDOWS\System32\javahx32.exe

Removed! : C:\WINDOWS\System32\javakj.exe

Removed! : C:\WINDOWS\System32\javaob.exe

Removed! : C:\WINDOWS\System32\javapc32.exe

Removed! : C:\WINDOWS\System32\javasn.exe

Removed! : C:\WINDOWS\System32\javata.dll

Removed! : C:\WINDOWS\System32\javawa.dll

Removed! : C:\WINDOWS\System32\jbfnz.dat

Removed! : C:\WINDOWS\System32\jelxs.dat

Removed! : C:\WINDOWS\System32\jfnbh.dat

Removed! : C:\WINDOWS\System32\jkgmo.dat

Removed! : C:\WINDOWS\System32\jllkn.dat

Removed! : C:\WINDOWS\System32\jwfda.dll

Removed! : C:\WINDOWS\System32\jxocf.dat

Removed! : C:\WINDOWS\System32\kdtgy.dll

Removed! : C:\WINDOWS\System32\keigh.dat

Removed! : C:\WINDOWS\System32\lfxxk.dat

Removed! : C:\WINDOWS\System32\lguaf.dat

Removed! : C:\WINDOWS\System32\lkfye.dat

Removed! : C:\WINDOWS\System32\lliam.dat

Removed! : C:\WINDOWS\System32\lrtls.dll

Removed! : C:\WINDOWS\System32\lsyim.dll

Removed! : C:\WINDOWS\System32\ltexw.dat

Removed! : C:\WINDOWS\System32\lwtda.dat

Removed! : C:\WINDOWS\System32\lwtfl.dat

Removed! : C:\WINDOWS\System32\lxxwv.dat

Removed! : C:\WINDOWS\System32\lzboq.dat

Removed! : C:\WINDOWS\System32\mfcop32.exe

Removed! : C:\WINDOWS\System32\mfcov32.exe

Removed! : C:\WINDOWS\System32\mfctd.dll

Removed! : C:\WINDOWS\System32\mfcvx32.exe

Removed! : C:\WINDOWS\System32\mfewx.dll

Removed! : C:\WINDOWS\System32\mgdnx.dat

Removed! : C:\WINDOWS\System32\mhewq.dat

Removed! : C:\WINDOWS\System32\mhpfa.dat

Removed! : C:\WINDOWS\System32\mlzwg.dat

Removed! : C:\WINDOWS\System32\mptom.dat

Removed! : C:\WINDOWS\System32\msdp.exe

Removed! : C:\WINDOWS\System32\mssk.dll

Removed! : C:\WINDOWS\System32\mxnhg.dll

Removed! : C:\WINDOWS\System32\myzeh.dat

Removed! : C:\WINDOWS\System32\nacbm.dll

Removed! : C:\WINDOWS\System32\nbyox.dat

Removed! : C:\WINDOWS\System32\netkx32.exe

Removed! : C:\WINDOWS\System32\netlu32.dll

Removed! : C:\WINDOWS\System32\netvi.dll

Removed! : C:\WINDOWS\System32\netvs32.dll

Removed! : C:\WINDOWS\System32\netzr.dll

Removed! : C:\WINDOWS\System32\nfdoc.dat

Removed! : C:\WINDOWS\System32\nfjof.dat

Removed! : C:\WINDOWS\System32\nktco.dat

Removed! : C:\WINDOWS\System32\nmilw.dat

Removed! : C:\WINDOWS\System32\ntlr.exe

Removed! : C:\WINDOWS\System32\ntlzp.dat

Removed! : C:\WINDOWS\System32\ntyo32.exe

Removed! : C:\WINDOWS\System32\oayyd.dat

Removed! : C:\WINDOWS\System32\ojocw.dat

Removed! : C:\WINDOWS\System32\oklwo.dat

Removed! : C:\WINDOWS\System32\oprqn.dat

Removed! : C:\WINDOWS\System32\pfkvv.dat

Removed! : C:\WINDOWS\System32\pivry.dat

Removed! : C:\WINDOWS\System32\qadwb.dat

Removed! : C:\WINDOWS\System32\qdwws.dat

Removed! : C:\WINDOWS\System32\qfiux.dat

Removed! : C:\WINDOWS\System32\qfncb.dat

Removed! : C:\WINDOWS\System32\qkumh.dat

Removed! : C:\WINDOWS\System32\qmlls.dat

Removed! : C:\WINDOWS\System32\qxjbz.dll

Removed! : C:\WINDOWS\System32\rbprj.dat

Removed! : C:\WINDOWS\System32\rgbpf.dat

Removed! : C:\WINDOWS\System32\rkbwk.dat

Removed! : C:\WINDOWS\System32\rmown.dat

Removed! : C:\WINDOWS\System32\rxgvn.dat

Removed! : C:\WINDOWS\System32\sbeok.dll

Removed! : C:\WINDOWS\System32\sdkad32.dll

Removed! : C:\WINDOWS\System32\sdkax32.exe

Removed! : C:\WINDOWS\System32\sdkbp32.exe

Removed! : C:\WINDOWS\System32\sdkie32.exe

Removed! : C:\WINDOWS\System32\sdklr.dll

Removed! : C:\WINDOWS\System32\sdkpo32.exe

Removed! : C:\WINDOWS\System32\sgsde.dat

Removed! : C:\WINDOWS\System32\shfma.dat

Removed! : C:\WINDOWS\System32\suiok.dat

Removed! : C:\WINDOWS\System32\sysfo32.exe

Removed! : C:\WINDOWS\System32\syske32.exe

Removed! : C:\WINDOWS\System32\syssu.exe

Removed! : C:\WINDOWS\System32\sysuc32.exe

Removed! : C:\WINDOWS\System32\sysuh.exe

Removed! : C:\WINDOWS\System32\tacjq.dll

Removed! : C:\WINDOWS\System32\tbvaq.dat

Removed! : C:\WINDOWS\System32\tmugf.dat

Removed! : C:\WINDOWS\System32\tpyua.dat

Removed! : C:\WINDOWS\System32\tpzsa.dll

Removed! : C:\WINDOWS\System32\tvdwr.dll

Removed! : C:\WINDOWS\System32\tvsoe.dat

Removed! : C:\WINDOWS\System32\ucqer.dat

Removed! : C:\WINDOWS\System32\ugnme.dat

Removed! : C:\WINDOWS\System32\ujldv.dat

Removed! : C:\WINDOWS\System32\upthj.dat

Removed! : C:\WINDOWS\System32\uvnfr.dat

Removed! : C:\WINDOWS\System32\uyzeu.dat

Removed! : C:\WINDOWS\System32\vajes.dat

Removed! : C:\WINDOWS\System32\vbcsh.dat

Removed! : C:\WINDOWS\System32\vbmox.dll

Removed! : C:\WINDOWS\System32\veohw.dll

Removed! : C:\WINDOWS\System32\vgwkg.dat

Removed! : C:\WINDOWS\System32\vmrie.dat

Removed! : C:\WINDOWS\System32\vukfq.dat

Removed! : C:\WINDOWS\System32\wcjvu.dat

Removed! : C:\WINDOWS\System32\webni.dat

Removed! : C:\WINDOWS\System32\wephw.dat

Removed! : C:\WINDOWS\System32\winaz32.dll

Removed! : C:\WINDOWS\System32\winix.exe

Removed! : C:\WINDOWS\System32\winlw.exe

Removed! : C:\WINDOWS\System32\winlx32.dll

Removed! : C:\WINDOWS\System32\wintc.exe

Removed! : C:\WINDOWS\System32\winvb.exe

Removed! : C:\WINDOWS\System32\winwi.exe

Removed! : C:\WINDOWS\System32\wjpde.dat

Removed! : C:\WINDOWS\System32\wjqhp.dat

Removed! : C:\WINDOWS\System32\wjywt.dat

Removed! : C:\WINDOWS\System32\wrcqi.dll

Removed! : C:\WINDOWS\System32\wtfxv.dll

Removed! : C:\WINDOWS\System32\wults.dat

Removed! : C:\WINDOWS\System32\wuvoc.dat

Removed! : C:\WINDOWS\System32\wwatw.dll

Removed! : C:\WINDOWS\System32\xgpxm.dll

Removed! : C:\WINDOWS\System32\xiwrx.dat

Removed! : C:\WINDOWS\System32\xkdoc.dat

Removed! : C:\WINDOWS\System32\xldqo.dat

Removed! : C:\WINDOWS\System32\xrleh.dat

Removed! : C:\WINDOWS\System32\xruyz.dat

Removed! : C:\WINDOWS\System32\xurxm.dat

Removed! : C:\WINDOWS\System32\xxcor.dll

Removed! : C:\WINDOWS\System32\yasnv.dat

Removed! : C:\WINDOWS\System32\ykbhe.dat

Removed! : C:\WINDOWS\System32\ykduz.dll

Removed! : C:\WINDOWS\System32\ynssb.dat

Removed! : C:\WINDOWS\System32\ywvqm.dat

Removed! : C:\WINDOWS\System32\zdoqw.dat

Removed! : C:\WINDOWS\System32\zfeec.dat

Removed! : C:\WINDOWS\System32\zirml.dat

Removed! : C:\WINDOWS\System32\znsww.dat

Removed! : C:\WINDOWS\System32\zphnj.dll

Removed! : C:\WINDOWS\System32\zpidl.dat

Removed! : C:\WINDOWS\System32\zubmm.dat

Removed! : C:\WINDOWS\System32\zvteo.dat

Removed! : C:\WINDOWS\System32\zyuec.dll

Attempted Clean Of Temp folder.

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done! Logfile of HijackThis v1.98.0

Scan saved at 2:53:22 PM, on 7/13/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\cisvc.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\ntuj32.exe

C:\WINDOWS\system32\fxssvc.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\appnz32.exe

C:\Documents and Settings\timmy helm\My Documents\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\futvo.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://futvo.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://futvo.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\futvo.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\futvo.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://futvo.dll/index.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {E932D92E-8970-9789-B6C8-5C0899F1BA68} - C:\WINDOWS\ntfu.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll

O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [syscheck] C:\WINDOWS\Fonts\win.hta

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [appnz32.exe] C:\WINDOWS\system32\appnz32.exe

O4 - HKLM\..\RunOnce: [d3uc32.exe] C:\WINDOWS\system32\d3uc32.exe

O4 - HKLM\..\RunOnce: [ntuj32.exe] C:\WINDOWS\ntuj32.exe

O4 - HKLM\..\RunOnce: [atlfd.exe] C:\WINDOWS\system32\atlfd.exe

O4 - HKLM\..\RunOnce: [appsf.exe] C:\WINDOWS\appsf.exe

O4 - HKLM\..\RunOnce: [msly32.exe] C:\WINDOWS\system32\msly32.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00014\gd-dial.exe -remove

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)

O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)

O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) (HKCU)

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6C2FDAC1-48A7-4DCB-B716-6CC47AFEC434}: NameServer = 66.38.0.240 66.38.0.241

Share this post


Link to post
Share on other sites

ok here it is aboutbusterlog file in safe mode -- Scan 1 --------

About:Buster Version 1.27

Removed! : C:\WINDOWS\drayb.dat

Removed! : C:\WINDOWS\futvo.dll

Removed! : C:\WINDOWS\gmijcg.dat

Removed! : C:\WINDOWS\jvcie.dat

Removed! : C:\WINDOWS\kxypet.dat

Removed! : C:\WINDOWS\qftsgw.dat

Removed! : C:\WINDOWS\rvqyni.dat

Removed! : C:\WINDOWS\wcbczp.dat

Removed! : C:\WINDOWS\System32\appnz32.exe

Attempted Clean Of Temp folder.

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

Share this post


Link to post
Share on other sites

well here it is the newest logfile from hjt Logfile of HijackThis v1.98.0

Scan saved at 5:09:44 PM, on 7/13/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\cisvc.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\ntuj32.exe

C:\WINDOWS\system32\fxssvc.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\mfcup.exe

C:\Documents and Settings\timmy helm\My Documents\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\futvo.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://futvo.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://futvo.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\futvo.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\futvo.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://futvo.dll/index.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {E932D92E-8970-9789-B6C8-5C0899F1BA68} - C:\WINDOWS\ntfu.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll

O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [syscheck] C:\WINDOWS\Fonts\win.hta

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [mfcup.exe] C:\WINDOWS\system32\mfcup.exe

O4 - HKLM\..\RunOnce: [d3uc32.exe] C:\WINDOWS\system32\d3uc32.exe

O4 - HKLM\..\RunOnce: [ntuj32.exe] C:\WINDOWS\ntuj32.exe

O4 - HKLM\..\RunOnce: [atlfd.exe] C:\WINDOWS\system32\atlfd.exe

O4 - HKLM\..\RunOnce: [appsf.exe] C:\WINDOWS\appsf.exe

O4 - HKLM\..\RunOnce: [msly32.exe] C:\WINDOWS\system32\msly32.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00014\gd-dial.exe -remove

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)

O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)

O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) (HKCU)

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6C2FDAC1-48A7-4DCB-B716-6CC47AFEC434}: NameServer = 66.38.0.240 66.38.0.241

Share this post


Link to post
Share on other sites

ok here we go again the newestlog from buster and hjt -- Scan 1 --------

About:Buster Version 1.27

Removed! : C:\WINDOWS\drayb.dat

Removed! : C:\WINDOWS\futvo.dll

Removed! : C:\WINDOWS\jvcie.dat

Attempted Clean Of Temp folder.

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done! and the newest hjt logLogfile of HijackThis v1.98.0

Scan saved at 5:22:02 PM, on 7/13/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\cisvc.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\ntuj32.exe

C:\WINDOWS\system32\fxssvc.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\mfcup.exe

C:\Documents and Settings\timmy helm\My Documents\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\futvo.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://futvo.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://futvo.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\futvo.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\futvo.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://futvo.dll/index.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {E932D92E-8970-9789-B6C8-5C0899F1BA68} - C:\WINDOWS\ntfu.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll

O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [syscheck] C:\WINDOWS\Fonts\win.hta

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [mfcup.exe] C:\WINDOWS\system32\mfcup.exe

O4 - HKLM\..\RunOnce: [d3uc32.exe] C:\WINDOWS\system32\d3uc32.exe

O4 - HKLM\..\RunOnce: [ntuj32.exe] C:\WINDOWS\ntuj32.exe

O4 - HKLM\..\RunOnce: [atlfd.exe] C:\WINDOWS\system32\atlfd.exe

O4 - HKLM\..\RunOnce: [appsf.exe] C:\WINDOWS\appsf.exe

O4 - HKLM\..\RunOnce: [msly32.exe] C:\WINDOWS\system32\msly32.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00014\gd-dial.exe -remove

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)

O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)

O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) (HKCU)

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6C2FDAC1-48A7-4DCB-B716-6CC47AFEC434}: NameServer = 66.38.0.240 66.38.0.241

Share this post


Link to post
Share on other sites

FOLLOW ALL STEPS WITHOUT REBOOTING AND WITH ALL OTHER WINDOWS CLOSED

 

First go to add/remove programs and uninstall global dialers if it is present

 

Please run HijackThis again and place a check beside each of the following. Once done close all other windows and click fix checked.

 

O2 - BHO: (no name) - {E932D92E-8970-9789-B6C8-5C0899F1BA68} - C:\WINDOWS\ntfu.dll

 

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)

 

O4 - HKLM\..\Run: [syscheck] C:\WINDOWS\Fonts\win.hta

O4 - HKLM\..\Run: [mfcup.exe] C:\WINDOWS\system32\mfcup.exe

O4 - HKLM\..\RunOnce: [d3uc32.exe] C:\WINDOWS\system32\d3uc32.exe

O4 - HKLM\..\RunOnce: [ntuj32.exe] C:\WINDOWS\ntuj32.exe

O4 - HKLM\..\RunOnce: [atlfd.exe] C:\WINDOWS\system32\atlfd.exe

O4 - HKLM\..\RunOnce: [appsf.exe] C:\WINDOWS\appsf.exe

O4 - HKLM\..\RunOnce: [msly32.exe] C:\WINDOWS\system32\msly32.exe

O4 - HKCU\..\Run: [sws.exe] c:\program files\GlobalDialer\domer00014\gd-dial.exe -remove

 

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)

O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file)

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)

O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - (no file) (HKCU)

 

Next press ctrl, alt and delete at the same time and then click the processes tab.

 

Find and end task the following files

\ntuj32.exe

\mfcup.exe

 

Now close Task Manager

 

Next find and delete the following files and folders

C:\WINDOWS\ntfu.dll <---file

C:\WINDOWS\Fonts\win.hta <---file

C:\WINDOWS\system32\mfcup.exe <---file

C:\WINDOWS\system32\d3uc32.exe <---file

C:\WINDOWS\ntuj32.exe <---file

C:\WINDOWS\system32\atlfd.exe <---file

C:\WINDOWS\appsf.exe <---file

C:\WINDOWS\system32\msly32.exe <---file

c:\program files\GlobalDialer <---folder

 

 

Now run About Buster 2 times and copy the logs to be posted along with a fresh hijackthis log after rebooting.

Share this post


Link to post
Share on other sites

here is my log files from buster and hjt after i cleaned -- Scan 1 --------

About:Buster Version 1.27

Removed! : C:\WINDOWS\drayb.dat

Removed! : C:\WINDOWS\futvo.dll

Removed! : C:\WINDOWS\jvcie.dat

Attempted Clean Of Temp folder.

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done! here is the second logfile from buster -- Scan 1 --------

About:Buster Version 1.27

Attempted Clean Of Temp folder.

Pages Reset... Done! and here is the logfile from hjt after reboot Logfile of HijackThis v1.98.0

Scan saved at 7:42:34 AM, on 7/14/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\ntuj32.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\mfcup.exe

C:\WINDOWS\system32\fxssvc.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\timmy helm\My Documents\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {E13B4A8D-94E1-7DC1-FA52-A00B49ABE3D4} - C:\WINDOWS\system32\msrf32.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll

O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [mfcup.exe] C:\WINDOWS\system32\mfcup.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

Share this post


Link to post
Share on other sites

well im still getting the same problem i still cant keep my homepage it still goes back to http search index help me out i must have done something wrong

Share this post


Link to post
Share on other sites

here we are maybe this time Logfile of HijackThis v1.98.0

Scan saved at 8:08:22 PM, on 7/14/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\cisvc.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\ntuj32.exe

C:\WINDOWS\system32\fxssvc.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\svxhost.exe

C:\Program Files\Yahoo!\Messenger\ypager.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

c:\windows\erxs.exe

C:\Program Files\mIRC\mirc.exe

C:\WINDOWS\explorer.exe

c:\windows\erxs.exe

C:\Documents and Settings\timmy helm\Application Data\ttuh.exe

C:\WINDOWS\System32\hfcqlt.exe

C:\WINDOWS\System32\koelie.exe

C:\Documents and Settings\timmy helm\My Documents\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {4BA06C7A-EF1C-5C9D-8220-15550AA37E49} - C:\WINDOWS\System32\uskx.dll

O2 - BHO: (no name) - {E13B4A8D-94E1-7DC1-FA52-A00B49ABE3D4} - C:\WINDOWS\system32\msrf32.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll

O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Microsoft-Updates] svxhost.exe

O4 - HKLM\..\Run: [DPA] c:\windows\erxs.exe

O4 - HKLM\..\Run: [msnupdate] koelie.exe

O4 - HKLM\..\RunServices: [Microsoft-Updates] svxhost.exe

O4 - HKLM\..\RunServices: [msnupdate] koelie.exe

O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\timmy helm\Application Data\ttuh.exe

O4 - HKCU\..\Run: [Tbfueo] C:\WINDOWS\System32\hfcqlt.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6C2FDAC1-48A7-4DCB-B716-6CC47AFEC434}: NameServer = 66.38.0.240 66.38.0.241

Share this post


Link to post
Share on other sites

Please run HijackThis again and place a check beside each of the foloowing items. Once done close all other windows and click fix checked.

 

R3 - Default URLSearchHook is missing

 

O2 - BHO: (no name) - {4BA06C7A-EF1C-5C9D-8220-15550AA37E49} - C:\WINDOWS\System32\uskx.dll

O2 - BHO: (no name) - {E13B4A8D-94E1-7DC1-FA52-A00B49ABE3D4} - C:\WINDOWS\system32\msrf32.dll (file missing)

 

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Microsoft-Updates] svxhost.exe

O4 - HKLM\..\Run: [DPA] c:\windows\erxs.exe

O4 - HKLM\..\Run: [msnupdate] koelie.exe

O4 - HKLM\..\RunServices: [Microsoft-Updates] svxhost.exe

O4 - HKLM\..\RunServices: [msnupdate] koelie.exe

O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\timmy helm\Application Data\ttuh.exe

O4 - HKCU\..\Run: [Tbfueo] C:\WINDOWS\System32\hfcqlt.exe

 

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

 

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

 

 

Next boot to safe mode and delete the following files.

 

C:\WINDOWS\System32\uskx.dll

C:\WINDOWS\System32\svxhost.exe

C:\Documents and Settings\timmy helm\Application Data\ttuh.exe

C:\WINDOWS\System32\hfcqlt.exe

C:\WINDOWS\System32\koelie.exe

c:\windows\erxs.exe

C:\WINDOWS\System32\hfcqlt.exe

 

Now while still in safe mode run About:Buster again.

Copy the log from it and post it along with another HijackThis log.

Share this post


Link to post
Share on other sites

well here it is again -- Scan 1 --------

About:Buster Version 1.30

Removed! : C:\WINDOWS\acxld.dat

Removed! : C:\WINDOWS\aeflk.dat

Removed! : C:\WINDOWS\axnna.dat

Removed! : C:\WINDOWS\bmuhh.dat

Removed! : C:\WINDOWS\bytes.dat

Removed! : C:\WINDOWS\cdrfr.dat

Removed! : C:\WINDOWS\cnzyx.dat

Removed! : C:\WINDOWS\dceew.dat

Removed! : C:\WINDOWS\efyuf.dat

Removed! : C:\WINDOWS\enzff.dat

Removed! : C:\WINDOWS\esgfg.dat

Removed! : C:\WINDOWS\euvxu.dat

Removed! : C:\WINDOWS\fxcmh.dat

Removed! : C:\WINDOWS\gfisn.dat

Removed! : C:\WINDOWS\ggbhb.dat

Removed! : C:\WINDOWS\gkxbf.dat

Removed! : C:\WINDOWS\gwjzh.dat

Removed! : C:\WINDOWS\hdjkm.dat

Removed! : C:\WINDOWS\jkvmz.dat

Removed! : C:\WINDOWS\jlsvh.dat

Removed! : C:\WINDOWS\jtsdi.dat

Removed! : C:\WINDOWS\kmvvx.dat

Removed! : C:\WINDOWS\krgvy.dat

Removed! : C:\WINDOWS\loclp.dat

Removed! : C:\WINDOWS\mdusk.dat

Removed! : C:\WINDOWS\mfovf.dat

Removed! : C:\WINDOWS\mqdpm.dat

Removed! : C:\WINDOWS\mreeu.dat

Removed! : C:\WINDOWS\mxeuv.dat

Removed! : C:\WINDOWS\nptdl.dat

Error Removing! : C:\WINDOWS\ntuj32.exe

Removed! : C:\WINDOWS\nuzeb.dat

Removed! : C:\WINDOWS\nwquz.dat

Removed! : C:\WINDOWS\pemou.dat

Removed! : C:\WINDOWS\pqfvh.dat

Removed! : C:\WINDOWS\pyvpz.dat

Removed! : C:\WINDOWS\qdcfx.dat

Removed! : C:\WINDOWS\rkype.dat

Removed! : C:\WINDOWS\romlk.dat

Removed! : C:\WINDOWS\rvqyni.dat

Removed! : C:\WINDOWS\rzktx.dat

Removed! : C:\WINDOWS\syuib.dat

Removed! : C:\WINDOWS\tbomj.dat

Removed! : C:\WINDOWS\tdfoq.dat

Removed! : C:\WINDOWS\togkm.dat

Removed! : C:\WINDOWS\towpv.dat

Removed! : C:\WINDOWS\tqepp.dat

Removed! : C:\WINDOWS\tuljw.dat

Removed! : C:\WINDOWS\ucnni.dat

Removed! : C:\WINDOWS\vypzc.dat

Removed! : C:\WINDOWS\vzfcq.dat

Removed! : C:\WINDOWS\waeke.dat

Removed! : C:\WINDOWS\wxgtx.dat

Removed! : C:\WINDOWS\wzkvh.dat

Removed! : C:\WINDOWS\xhxmn.dat

Removed! : C:\WINDOWS\xjhff.dat

Removed! : C:\WINDOWS\yezzp.dat

Removed! : C:\WINDOWS\yimlk.dat

Removed! : C:\WINDOWS\yycfm.dat

Removed! : C:\WINDOWS\yyjnx.dat

Removed! : C:\WINDOWS\zaurb.dat

Removed! : C:\WINDOWS\zpjnk.dat

Removed! : C:\WINDOWS\zuaed.dat

Removed! : C:\WINDOWS\System32\aqxjs.dat

Removed! : C:\WINDOWS\System32\bdayk.dat

Removed! : C:\WINDOWS\System32\bsnsz.dat

Removed! : C:\WINDOWS\System32\dsuym.dat

Removed! : C:\WINDOWS\System32\ehphs.dat

Removed! : C:\WINDOWS\System32\etojt.dat

Removed! : C:\WINDOWS\System32\gcpqw.dat

Removed! : C:\WINDOWS\System32\ghzpw.dat

Removed! : C:\WINDOWS\System32\gpahq.dat

Removed! : C:\WINDOWS\System32\gugoa.dat

Removed! : C:\WINDOWS\System32\gwmes.dat

Removed! : C:\WINDOWS\System32\hjfep.dat

Removed! : C:\WINDOWS\System32\hujiu.dat

Removed! : C:\WINDOWS\System32\iaobj.dat

Removed! : C:\WINDOWS\System32\ihuaf.dat

Removed! : C:\WINDOWS\System32\iipls.dat

Removed! : C:\WINDOWS\System32\jvjqr.dat

Removed! : C:\WINDOWS\System32\lccup.dat

Removed! : C:\WINDOWS\System32\lluly.dat

Removed! : C:\WINDOWS\System32\lnmxs.dat

Removed! : C:\WINDOWS\System32\mfcup.exe

Removed! : C:\WINDOWS\System32\mifdj.dat

Removed! : C:\WINDOWS\System32\nicpf.dat

Removed! : C:\WINDOWS\System32\ocyli.dat

Removed! : C:\WINDOWS\System32\ofzrw.dat

Removed! : C:\WINDOWS\System32\owtra.dat

Removed! : C:\WINDOWS\System32\ppmqz.dat

Removed! : C:\WINDOWS\System32\qfrmv.dat

Removed! : C:\WINDOWS\System32\qkdec.dat

Removed! : C:\WINDOWS\System32\qmyoz.dat

Removed! : C:\WINDOWS\System32\sjeil.dat

Removed! : C:\WINDOWS\System32\tnafw.dat

Removed! : C:\WINDOWS\System32\tqsmy.dat

Removed! : C:\WINDOWS\System32\uscld.dat

Removed! : C:\WINDOWS\System32\wmibp.dat

Removed! : C:\WINDOWS\System32\wumvu.dat

Removed! : C:\WINDOWS\System32\wvvgv.dat

Removed! : C:\WINDOWS\System32\wxxrm.dat

Removed! : C:\WINDOWS\System32\xhroa.dat

Removed! : C:\WINDOWS\System32\yfdmc.dat

Removed! : C:\WINDOWS\System32\ygiax.dat

Removed! : C:\WINDOWS\System32\yhlmr.dat

Removed! : C:\WINDOWS\System32\ykwkv.dat

Removed! : C:\WINDOWS\System32\zxcpy.dat

Attempted Clean Of Temp folder.

Pages Reset... Done! and the other Logfile of HijackThis v1.98.0

Scan saved at 9:11:14 PM, on 7/14/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\cisvc.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\fxssvc.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Documents and Settings\timmy helm\My Documents\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll

O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0